Using SSH

montana_suse_user · July 3, 2020, 3:49am

I have a small home network of four computers and use ssh primarily to log in to the various other machines to use zypper for updates.

ssh <ip of machine I want into> -l<username>

I have myself as a user on each machine and enter my password when required. So far so good.

A situation has presented itself where it would be really great if I could do the same for a relative in another state. I have looked at the man pages until my eyes have glazed over and am afraid to just try things and cause a problem I wouldn’t be able to fix.

So, how can I do this and what do I need to know to avoid problems?

Bart

oldcpu · July 3, 2020, 4:16am

Years ago, when my 90 year old mother was alive (and living in Canada) , I used to maintain her openSUSE GNU/Linux PC while I lived in Germany (> 5,000 km away).

I used ssh and vnc extensively so to access her computer. Key things I had to sort out for ssh were:

Her internet IP address
Her router port forwarding
Her PC ssh port open and ssh daemon running

IP address: Initially for the Internet IP, I set up her router such that it mapped her IP to some name (ie oldcpu.mom.net ) where I located a free dns service that provided such. That was years ago and I don’t know if such a service available today for free.

So instead (initially as a backup) , I put an icon on her desktop, that she could click. That would launch a brouser that would go to a website that gave her the Internet IP address of her LAN router. She would tell me that over the phone. … ie I would call her, ask her permission to enter her PC, and she would say ‘yes’ and give me her IP address.

Port forwarding. I also had her router setup that any SSH access at a certain port #, would forward the SSH to her PC (on her LAN) at port 22.

PC firewall / ssh daemon I also set up her PC to accept ssh access and had her PC setup to run the ssh daemon. I edited the appropriate ssh configuration file to block ssh root access to her PC.

Note I did not use port 22 on the router, as port 22 is globally constantly being attacked by users trying to break into GNU/Linux PCs.

I would then ssh into the router’s IP at the ssh port # that I assigned (to be forwarded to her PC) and that would then connect me via ssh to her PC.

I suspect the above in general is still true today - BUT the specifics are likely different. Quite likely others will need to help you with the specifics , as I am out of date here.
.